CVE-2023-28083 HIGH

CVE-2023-28083: Potential Cross-Site scripting vulnerability in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4).

Vendor Hpe
Product Integrated Lights-Out
Weakness CWE-79 · XSS
Published March 20, 2023
Last update February 26, 2025
View on NVD All CVEs

CVSS base score

8.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

What the vulnerability does

01Description

A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.

Key dates

02Disclosure timeline

March 20, 2023 CVE published
February 26, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-3158 Mail Control <= 0.2.8 - Unauthenticated Stored Cross-Site Scripting via Email Subject CVE-2024-14001 Nagios XI < 2024R1.1.3 XSS via Executive Summary Report CVE-2025-13732 s2Member <= 251005 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2020-36956 Openfire 4.6.0 - 'path' Stored XSS CVE-2025-12644 Nonaki – Drag and Drop Email Template builder and Newsletter plugin for WordPress <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields